Another AntiSpyLab casualty...

Hi all. New to the site, and it looks grand. I ran across it searching for suggestions on clearing out the AntiSpyLab parasite/hijacker for a family member. Looks like I'm in the right place. It also seems like the first step is to post a HijackThis log. Here goes:

3. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key just as your computer is starting up).

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- In the left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders
- Click on Run Cleaner. It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.

- Run Norton, Windows Defender, and ewido; have the programs fix all malicious items they find.
When ewido finds the first malicious object on your system, it will ask you if it should clean it. When it asks this, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
Save the log file that ewido will create after it finishes scanning; you'll be including that log in your next post here.

- Open Windows Explorer again, look for the following files, and delete them if they still exist:
C:\WINDOWS\system32\runsrv32.exe
C:\WINDOWS\system32\susp.exe

4. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that ewido generated.

Hey DMR, thanks again for the help. I walked my cousin through the steps you gave as best I could over the phone. She sent me her ewido log, but there seems to be an error with it. VIM reports a "Conversion Error". The file is 78 bytes, but in Notepad it's empty. I had her run another HJT scan, though. Here is the latest HJT log:

The HijackThis log is clean, which is a Good Thing :)
Have her "kick the tires", and also see if you can get a good resend of the ewido log if possible. The ewido reports can be pretty illuminating in terms of letting us know what specific components of the infection(s) were found and what was done about them.

I had my cousin resend the Scan log from ewido, and it was the same empty file as before. Throughout her surfing today, she did not get any AntiSpyLab errors/popups at all. In fact, the only problem she experienced was a popup from one of the other spyware removal tools she installed earlier called Spyware Doctor which tells her that she's got the Alexa spyware app. Does ewido/ccleaner remove Alexa?

Otherwise, she's in great shape. Thank you again, DMR for all your help and advice!

the only problem she experienced was a popup from one of the other spyware removal tools she installed earlier called Spyware Doctor which tells her that she's got the Alexa spyware app. Does ewido/ccleaner remove Alexa?

ewido should clean Alexa, as should Spyware Doctor.
Alexa (owned by Amazon.com) provides web search and website information services mostly accessed through the installation of their search toolbar plugin. Unfortunately, Alexa does do a fair amount of "behind-your-back" information-gathering for marketing purposes, so it is detected as spyware. Alexa partners with a lot of companies, so their software is often bundled with other downloads; your cousin may have inadvertently installed the toolbar while installing some program she downloaded. If that's the case, she may be able to uninstall the toolbar through the Add/Remove Programs control panel; if not, she can have ewido or Spyware Doctor remove it.

Otherwise, she's in great shape. Thank you again, DMR for all your help and advice!

Glad to hear that the major nasties have been disinfected, and we're glad we could be of assistance. :)